News
Vulnerability-Lookup 2.20.0 released
Just in time for the end of the year, we’re happy to share our final release before the holidays: Vulnerability-Lookup 2.20.0 🎄 What’s New GCVE (Global CVE Allocation System): Relationships We’ve updated the bundled Vulnogram interface to better support the GCVE ecosystem. Vulnerability-Lookup now allows you to define and manage relationships between vulnerabilities, in line with the GCVE BCP-05 specification. Commit: 2f39bf8 This is a first step toward implementing full GCVE BCP-05 compliance.
December 19, 2025
GPU Efficiency in VLAI Model Training
Experiences and Benchmarks from Months of VLAI Vulnerability Severity Classification Model Training
December 12, 2025
Vulnerability-Lookup 2.19.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.19.0! What’s New GCVE: Global CVE Allocation System We’re pleased to announce the publication of: GCVE-BCP-02 – Practical Guide to Vulnerability Handling and Disclosure, and GCVE-BCP-04 - Recommendations and Best Practices for ID Allocation This Best Current Practice document GCVE-BCP-02 provides actionable guidance for organisations, researchers, and GCVE Numbering Authorities (GNAs) on managing and disclosing vulnerabilities effectively, both within the GCVE ecosystem and beyond.
December 9, 2025
Vulnerability Report - November 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
December 3, 2025
End-of-Year Threat Intelligence Sightings Forecast
Adaptive analysis and short-term forecast of threat intelligence sightings from key sources tracked by Vulnerability-Lookup
December 2, 2025
Vulnerability-Lookup 2.18.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.18.0 — packed with exciting new features! What’s New Integration with Rulezet Rulezet is an open-source platform for sharing, evaluating, improving, and managing cybersecurity detection rules (YARA, Sigma, Suricata, etc.). Its goal is to foster collaboration among professionals and enthusiasts to enhance the quality and reliability of detection rules. Vulnerability-Lookup can now be configured to interface with the API of any Rulezet instance, providing insights into existing detection rules related to security vulnerabilities. The default Rulezet instance enabled in Vulnerability-Lookup is hosted at https://rulezet.org and currently offers more than 122,000 security rules.
November 14, 2025
Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform at Unlock Your Bain conference
Slides: Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent Unlock Your Brain conference. A well-organised and welcoming event, Unlock Your Brain brings together a great mix of researchers, practitioners, and open-source enthusiasts—making it a perfect place to exchange ideas on vulnerability tracking and disclosure. Download the slides: https://www.vulnerability-lookup.org/files/events/2025/presentation-unlockyourbrain.pdf Feedback and Support If you find any issues or have suggestions, please open a ticket on our GitHub repository: https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
November 8, 2025
Vulnerability Report - October 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
November 4, 2025
Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
This hands-on workshop at hack.lu 2025 introduced the open-source Vulnerability Lookup project and the Global Common Vulnerabilities and Exposures (GCVE) initiative, two complementary efforts designed to modernize and decentralize the way vulnerabilities are published, shared, and consumed. Participants discovered how Vulnerability Lookup acts as a collaborative platform for collecting, enriching, and analyzing vulnerability data, supporting every stage of the vulnerability management lifecycle, from discovery and prioritization to tracking remediation and assessing exposure. The session introduced GCVE, a next-generation, decentralized framework for vulnerability identification that empowers organizations to act as GCVE Numbering Authorities (GNAs) with greater autonomy and flexibility.
October 24, 2025
Vulnerability-Lookup 2.17.0 released
We’re happy to announce the release of Vulnerability-Lookup 2.17.0 — introducing new data integrations, API improvements, and multiple security and stability fixes. What’s New New Sightings and Integrations Public PoC Sightings — Vulnerabilities with a known public proof of concept can now be tracked directly. (#245) ENISA KEV Catalog — Integration of the European Union Agency for Cybersecurity’s Known Exploited Vulnerabilities catalog adds an authoritative new layer of intelligence. (#237) Metasploit Sightings — Automatically detect and list vulnerabilities referenced in Metasploit modules. (#228) Sploitus RSS — Fetch exploit information from Sploitus feeds. (#227) API Enhancements Added bulk DELETE endpoints for sightings. (commit a514920) Changes Command-line tools now provide an option to delete sightings matching a regular expression. (commit 0859260) Regex matching for new sightings has been tightened to require full matches, improving data consistency. (commit 71387fc) Fixes A major focus of 2.17.0 is hardening the platform against potential injection and logic issues. Highlights include:
October 13, 2025